Risk Management Policy

1. Introduction

1.1. Purpose

The purpose of the risk management policy is to explain the company’s underlying approach to risk management and to document the roles and responsibilities of the Board of Directors, and the senior management team. It outlines key aspects of the risk management process and identifies the main reporting procedures. 

Risk management informs strategic development through the identification and treatment of risk so that strategic objectives are more likely to be achieved, damaging events are avoided or minimised and opportunities are maximised. Good risk management increases the probability of success and reduces the probability of failure and uncertainty of achieving the company’s objectives.

1.2 Scope

This risk management policy forms part of the Company’s governance and internal control arrangement. The Board of Directors as ultimate responsibility for risk management and is therefore responsible for the approval and review of the Risk Management Policy and for ensuring that it is appropriately managed. 

1.3 Definitions

A frequently used definition of risk is: 

‘ the threat or possibility that an action or event will adversely or beneficially affect an organisation’s ability to achieve its strategic objectives’

At an institutional level, risks can affect either positively or negatively the company’s ability to operate as a business and/or deliver its strategic objectives. Risk management is important to ensure that threats and opportunities affecting the successful delivery of operating and commercial plans are appropriately addressed and managed. 

2. Policy

2.1 Risk Identification and Assessment

Risks are identified and assessed through the establishment of a Risk Register. For the Risk Register, the company uses a 5 x 5 risk rating mechanism to assess the impact (rated A to E) and likelihood of risk (rated 1 to 5), with a scoring of A1 denoting the highest risk on the scale as high impact and high likelihood. 

Likelihood

I

M

P

A

C

T

 L I K E L I H O O D

A5

A4

A3

A2

A1

B5

B4

B3

B2

B1

C5

C4

C3

C2

C1

D5

D4

D3

D2

D1

 

 

 

 

 

Impact

The score should reflect the higher of the financial value, the proportion of teaching programmes affected and the degree to which the whole company is affected

Score A (highest)

  • The incident would significantly affect the operation, reputation or strategic direction of the company, or
  • The incident would cost the company £500,000. For instance, this could equate to a loss of £600,000 in a single year or losses of £150,000 per year over a period of four years.

Score B

  • The incident would affect the operations, reputation or strategic direction of the whole Company but not significantly, or
  • The incident would cost the company between £250,000 and £500,000. For example, this could be £300,000 – £600,000 in a single year or £75,000 – £200,000 per year over a period of four years.

Score C

  • The incident would affect the whole company to a small extent, or
  • The incident would cost the company between £150,000 – £300,000. For example, this could equate to a loss of £150,000 – £300,000 in one single year or losses of £37,500 to £75,000 per year over a period of four years. 

Score D

  • The incident would have little or no effect on the company, or
  • The incident would cost the company up to £150,000. For example, this could equate to a loss of £150,000 in one singe year or losses of up to £37,500 per year over a period of four years. 

Likelihood  

Score 1 (highest)

  • It is expected that this risk will materialise at least once within the next two years, or has already materialised. A risk of this kind is likely to be reflected as a contingency or directly in the company’s budgets and medium-term financial plan. 

Score 2

  • It is reasonable to assume that this risk will materialise at some point (possibly once or twice withing the next five years). This kind of risk may be reflected as a contingency in the company’s budget. 

Score 3

  • It is reasonable to assume that the risk will materialise once or twice within a period of five to ten years. 

Score 4

  • There is a low likelihood of the risk materialising (there is a possibility that this could happen at least once within a period of five to ten years, but it is considered unlikely). 

Score 5

  • There is a very low likelihood of the risk materialising (this is not expected to happen but it may do in exceptional or unusual circumstances – it has been known to happen in the past)

2.3. Risk Reporting

  • Risks are recorded on the Risk Register 

The criteria of the Risk Register are as follows:

CRITERIA

DETAIL

Risk Area

Identifies the areas of risk

Risk Description

A summary risk description

Contributing Factors

Key factors that would contribute to the risk, including sub-risks

Risk Ownership

Assigns ownership of the risk to relevant members of the Senior Management Team

Current Controls (Mitigating
Factors)

Describes controls and management actions already in place to mitigate against the risk

Directions of Travel

An indication of whether the risk is seen as stable, increasing or decreasing

Planned actions/Contingency plans

Describes planned actions or controls that are in the process of being implemented, and notes any contingency plans in place or planned that should prevent the risk from materialising

3. Roles and Responsibilities

The Board of Governors and the Board of Directors have joint responsibility for effective risk management for all academic and operational aspects of EM Normandie UK Limited.

The Principal’s  role is to:

  • identify and evaluate the significant risks faced by the company in the company’s Risk Register for consideration and approval by the Board of Governors and the Board of Directors
  • implement policies on risk management
  • design and implement processes and procedures to minimise risks, such as robust processes for the compliance with Health and Safety legislation, governments or other authorities’ guidance on specific issues
  • provide adequate information in a timely manner to the Board of Governors and the Board of Directors
  • review entries on the company’s Risk Register annually for consideration and approval by the Board of Governors and the Board of Directors

4. Review

This policy will be reviewed at least once a year

This policy will be approved by the Board of Governors and the Board of Directors.


November 2020